RS: Added more details to create CA-signed certs

[rrelledge]

Note

Low Risk
Markdown documentation only; no application, API, or infrastructure code changes.

Overview
Expands the Create CA-signed certificates section in create-certificates.md from short guidelines and a minimal OpenSSL example into an end-to-end operator guide.

Certificate requirements are consolidated into explicit rules: both TLS Web Server and TLS Web Client authentication in extended key usage (with a warning that server-only templates break TLS), required SAN DNS patterns for cluster FQDNs, key usage, SHA-256/512, RSA key size, and chain ordering in PEM files.

New procedural content covers OpenSSL (sample redis-cert.cnf, key/CSR generation, CSR verification, CA submission, chain assembly), Windows AD Certificate Services (custom template with client+server auth, certreq flow, PFX export and PEM conversion), pre-upload validation (openssl checks for EKU, SAN, chain, key match), install steps (chmod/chown and rladmin cluster certificate set with a cert-name table), and troubleshooting for SSLV3_ALERT_UNSUPPORTED_CERTIFICATE, CERTIFICATE_VERIFY_FAILED, key mismatch, and missing SANs.

The older split server/client certificate guidelines and the brief standalone Create certificates OpenSSL-only steps are largely replaced by this structure.

^{Reviewed by Cursor Bugbot for commit 263ba8f. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

DOC-6065

[github-actions]

Staging links:
https://redis.io/docs/staging/DOC-6065/operate/rs/security/certificates/create-certificates/

[jit-ci]

🛡️ Jit Security Scan Results

✅ No security findings were detected in this PR

---

^{Security scan by Jit}

[andy-stark-redis]

One minor suggestion that might improve the clarity of the lists a bit, but otherwise language and links LGTM.